Most of us understand that ISO and ISAE are important. However, many of us have difficulty explaining why. To help you get a better understanding, we sat down for an interview with our Security Officer Roland van der Geer and asked him to explain it to us in layman's terms.
Hi Roland, can you tell us something about what you do at VI Company?
Hello! I assist VI in achieving two of its goals. The first goal is to determine what needs to be done in order to become and remain ISO (9001 and 27001) certified. The second goal is to get VI Company an ISAE 3402 assurance report.
This year marks the second year in a row that VI Company is ISO certified. Can you explain what it means to be ISO certified and why it's important to us and our clients?
In order to become and remain ISO compliant we were required to set up a (management) system. Within this system, we developed processes and procedures that turned quality assurance and information security into an integral part of our organization.
Now that this system is in place, we can guarantee our clients a level of quality assurance and information security that meets the ISO standards.
Currently, we’re working hard at VI to receive an ISAE 3402 report. Can you explain what this is and the difference between ISO and ISAE?
During an ISO audit, the auditor checks whether or not our system, processes, and procedures meet the ISO requirements. If so, we receive the ISO certification or (if we already have the certification) get it extended for another year.
For ISAE 3402, the auditor looks at the past 6-12 months for proof of how well we adhered to certain key control measures related to the availability, integrity, and confidentiality of the VI Company services in scope. This results in a report that can be shared with clients.
Can an ISAE 3402 report replace an ISO 27001 certification?
No, an ISAE report cannot replace ISO certification or vice versa. Instead, see it as one complementing the other.
Why would an ISAE 3402 report be important for our clients?
For our clients, an ISAE 3402 report (in addition to ISO certifications) means an even greater sense of trust and confidence in VI Company’s expertise. The report proves we can provide our clients with the quality assurance and information security that we promise to.
When do you expect VI Company to receive its ISAE 3402 report?
Right now, we’re working hard to make it happen. The prognosis is to have the report ready sometime in September or October of 2020.
How long will an ISAE 3402 report be valid?
Just like with an ISO certification, we’ll need to renew it every single year. This makes us stay on top of things, innovate, and keep up-to-date with the latest developments. This is a good thing, not only for us but also for our clients.
Thank you for your time Roland!
Do you want to know more about ISO, ISAE, or what these mean for your organization or project? You can contact us via firstname.lastname@example.org and we'll put you in touch with the right person.